Haitham is available for hire
Hire HaithamHaitham Gad
Verified Expert in Engineering
AWS Developer
San Diego, CA, United States
Toptal member since July 15, 2022
Bio
Haitham is a technical leader with over 15 years of experience building products and services for several enterprises. Before starting his AWS consultancy, he spent over five years at AWS, where he helped build Amazon GuardDuty, AWS's intelligent threat detection and security monitoring service. Haitham's work was instrumental in accelerating GuardDuty's adoption by thousands of AWS customers like Snap, HBO Max, Siemens, Volkswagen, and Southwest Airlines.
Portfolio
Rehashly
Node.js, Python, Amazon Web Services (AWS), Web Security, Cloud Security...
Amazon Web Services (AWS)
AWS CloudFormation, Security, Amazon GuardDuty, Java, Python, TypeScript...
Cadence Design Systems
C++, Lisp, Python, Compilers, Compiler Design, Linux, Databases...
Experience
- Python - 10 years
- C++ - 10 years
- Application Security - 6 years
- Serverless - 6 years
- Security - 6 years
- Java - 6 years
- Compliance - 4 years
- Node.js - 4 years
Availability
Part-time
Preferred Environment
Python, Node.js, Amazon Web Services (AWS), Serverless Architecture, Cloud Security
The most amazing...
...thing I've built is Amazon GuardDuty, AWS's intelligent cloud threat detection service, which was quickly adopted by the majority of big-name AWS customers.
Work Experience
Independent AWS Consultant
2022 - PRESENT
Rehashly
- Ran an AWS cloud consultancy to help clients build resilient, secure, and cost-optimized solutions on AWS.
- Helped a client build their SOC program by analyzing their system, filling gaps in logging and monitoring, writing incident response runbooks, and training the development team on secure coding and AWS security best practices.
- Bootstrapped the organization's AWS cloud infrastructure by building an AWS Control Tower landing zone and connecting their Google Workspace identities to AWS SSO. Also helped them establish security best practices.
- Performed forensic investigation for a security incident where a client lost access to some production S3 buckets. Gave the client detailed advice on how they should proceed from there to mitigate the incident and make sure it doesn't happen again.
- Assisted a client in the medical field to build a HIPAA-compliant network and data security infrastructure and set up a process for continuously monitoring and remediating compliance-related security controls.
Technologies: Node.js, Python, Amazon Web Services (AWS), Web Security, Cloud Security, Security Testing, Secure Coding, Web App Security, Security Audits, MongoDB, Infrastructure as Code (IaC), AWS Cloud Architecture, AWS CloudFormation, Back-end Development, Back-end, Functional Programming, DevOps, AWS DevOps, Architecture, OpenAPI, Swagger, OAuth 2, JSON, JSON Web Tokens (JWT), PostgreSQL, Jinja, React, HTML, CSS, Flask, REST APIs, NoSQL, MySQL, SQL, Next.js, Full-stack, Full-stack Development, Technical Leadership, Terraform, Identity & Access Management (IAM), DevSecOps, Boto 3, Google Cloud Platform (GCP), Software Design, API Integration, Integration, CI/CD Pipelines, Git, GraphQL, Cloud Platforms, Engineering, Go, IT Security, Leadership, Requirements Analysis, Technical Project Management, Postman, Prototyping, Docker, Data Modeling, Amazon CloudFront CDN, XML
Software Development Engineer
2016 - 2022
Amazon Web Services (AWS)
- Built, launched, and helped grow Amazon GuardDuty into an indispensable tool for security operations teams looking to secure their businesses' AWS workloads. GuardDuty is AWS's intelligent threat detection and security monitoring service.
- Worked closely with leadership on planning feature roadmaps, prioritizing customer requests, scoping, estimating, and tracking projects, and addressing high-urgency escalations.
- Helped architect and build several high-throughput scalable back-end microservices with strict reliability and security requirements, each processing billions of events daily.
- Built some of GuardDuty's high-value security detections end-to-end, from ideation, working with a cross-functional team of product managers, applied scientists, and security engineers, prototyping, testing, operationalization, and launch.
- Led the design and implementation of GuardDuty's multi-account functionality, simplifying GuardDuty's usability across member accounts of an AWS organization. This feature was instrumental in accelerating GuardDuty's adoption by many AWS customers.
- Pioneered the technical design and evolution of GuardDuty's control plane architecture, including external APIs, multi-language SDKs, and CloudFormation resources. Set processes and standards for API launch readiness.
- Provided technical leadership and mentoring for multiple generations of engineers over my tenure with AWS.
Technologies: AWS CloudFormation, Security, Amazon GuardDuty, Java, Python, TypeScript, AWS Cloud Architecture, Apache Spark, Scala, Ruby, Serverless, REST, APIs, Microservices, Node.js, AWS IAM, C++, AWS CloudTrail, Amazon Kinesis, AWS Lambda, Elasticsearch, Application Security, Amazon CloudWatch, Amazon Simple Queue Service (SQS), Amazon Simple Notification Service (SNS), Amazon S3 (AWS S3), Amazon Elastic Container Service (ECS), AWS Fargate, Amazon DynamoDB, Amazon Route 53, AWS Certificate Manager, Amazon API Gateway, AWS Glue, Dagger 2, Gradle, Program Management, Technical Program Management, Compliance, Web Security, Cloud Security, Amazon EC2, Amazon Virtual Private Cloud (VPC), AWS Organizations, GRC, PCI DSS, PCI Compliance, HIPAA Compliance, General Data Protection Regulation (GDPR), SOC Compliance, SOC 2, Web App Security, Amazon Elastic MapReduce (EMR), Threat Modeling, Secure Coding, Security Testing, Security Audits, API Design, Amazon Web Services (AWS), Serverless Architecture, Machine Learning, Software as a Service (SaaS), Linux, JavaScript, Databases, Back-end Development, Back-end, Functional Programming, DevOps, AWS DevOps, Architecture, OpenAPI, Swagger, OAuth 2, JSON, Jinja, React, HTML, CSS, REST APIs, NoSQL, Full-stack, Full-stack Development, Technical Leadership, Identity & Access Management (IAM), DevSecOps, Boto 3, Spark, Software Design, API Integration, Integration, CI/CD Pipelines, Git, Cloud Platforms, Engineering, Go, IT Security, Leadership, Requirements Analysis, Technical Project Management, Postman, Agile, Prototyping, Docker, ETL Implementation & Design, Data Modeling, Amazon CloudFront CDN, ETL, XML
Lead Software Engineer
2012 - 2016
Cadence Design Systems
- Developed module generators, layout-only object generators such as dummies, guard rings, and polyfills, and place and route tools for the Cadence Virtuoso GXL physical layout suite.
- Built a system for the assisted routing of physical layout devices, which accelerates the effort of routing components while allowing physical layout engineers to customize specific routing parameters.
- Led module generator qualification efforts on TSMC's advanced node process design kits (PDKs), for example, TSMC 16nm and 10nm, which gave customers better confidence in adopting them.
Technologies: C++, Lisp, Python, Compilers, Compiler Design, Linux, Databases, Functional Programming, Architecture, JSON, HTML, CSS, Technical Leadership, Software Design, API Integration, Legacy Software, Legacy Code, Integration, Git, Engineering, Requirements Analysis, Desktop App Development, Technical Project Management, Prototyping, XML
Software Development Engineer
2007 - 2012
Mentor Graphics (Acquired by Siemens)
- Built compilers and automations to help the custom IC design group accelerate PDK development for the foundries' advanced technology nodes, for example, TSMC 16nm.
- Contributed to reducing the mentor's release cycle, from 7-8 weeks down to 4-5 days, for advanced node PDKs of key foundries like TSMC and GlobalFoundries.
- Represented Mentor Graphics in the OpenPDK Coalition, an open coalition aiming to define a set of open standards to allow an OpenPDK to be created once and then translated into specific EDA vendor tools and specific foundry formats.
- Trained Mentor Graphics' PDK development team on using new PDK automation systems and building foundry partnerships.
Technologies: C++, Python, Compilers, Compiler Design, Linux, Databases, Functional Programming, Lisp, Architecture, JSON, HTML, CSS, Technical Leadership, Software Design, API Integration, Legacy Software, Legacy Code, Integration, Engineering, Requirements Analysis, Desktop App Development, Prototyping, XML
Experience
Threat Intelligence Ingestion Service
Built GuardDuty's threat intelligence ingestion service, an extensible microservice for ingesting various in-house, third-party and open source threat-intelligence feeds for use in finding generation decision logic.
I developed control-plane APIs to define new ingestors when new threat intelligence feeds become available. I also developed configurable ingestion components that allow for initiating ingestion requests with various parameters and authentication options, transforming responses, and dispatching results to different destinations.
I built data-plane APIs to invoke ingestors on a schedule or as a response to some events, such as SNS notifications. I then used the control-plane APIs to define ingestors for various in-house, third-party, and open source threat-intelligence feeds required by GuardDuty.
I developed control-plane APIs to define new ingestors when new threat intelligence feeds become available. I also developed configurable ingestion components that allow for initiating ingestion requests with various parameters and authentication options, transforming responses, and dispatching results to different destinations.
I built data-plane APIs to invoke ingestors on a schedule or as a response to some events, such as SNS notifications. I then used the control-plane APIs to define ingestors for various in-house, third-party, and open source threat-intelligence feeds required by GuardDuty.
AppSec Review Acceleration Program
Led an AppSec review acceleration program within AWS GuardDuty that achieved the following results:
• Reduced the AppSec review process timeline for new features from months to weeks.
• Uncovered and mitigated several weaknesses in the service's security posture.
• Worked with proactive security teams to mitigate very subtle and intricate attack vectors, including resource-level authorization, confused deputy protection, and cross-account access control.
I provided continuous education to the GuardDuty team on authoring effective threat models, securing their infrastructure, and writing secure code. I also continuously educated the AppSec team on the security measures that govern GuardDuty's infrastructure components, AWS account settings, and DevSecOps practices.
• Reduced the AppSec review process timeline for new features from months to weeks.
• Uncovered and mitigated several weaknesses in the service's security posture.
• Worked with proactive security teams to mitigate very subtle and intricate attack vectors, including resource-level authorization, confused deputy protection, and cross-account access control.
I provided continuous education to the GuardDuty team on authoring effective threat models, securing their infrastructure, and writing secure code. I also continuously educated the AppSec team on the security measures that govern GuardDuty's infrastructure components, AWS account settings, and DevSecOps practices.
Governance, Risk, and Compliance Program
Led GuardDuty's GRC program, helping achieve compliances and building solutions and processes for continuous adherence.
I partnered with the GRC team to understand the auditor requirements for different compliances and identify the gaps in GuardDuty's infrastructure and process security that needed to be filled to achieve each compliance. I then led a group of engineers to implement mitigations for the identified gaps.
Within the program, I helped GuardDuty achieve several compliances, including GDPR, SOC 2, Payment Card Industry Data Security Standard (PCI DSS), HIPAA, and Federal Risk and Authorization Management Program (FedRAMP).
I also built solutions and processes to ensure GuardDuty is continuously adhering to all its existing security compliances.
I partnered with the GRC team to understand the auditor requirements for different compliances and identify the gaps in GuardDuty's infrastructure and process security that needed to be filled to achieve each compliance. I then led a group of engineers to implement mitigations for the identified gaps.
Within the program, I helped GuardDuty achieve several compliances, including GDPR, SOC 2, Payment Card Industry Data Security Standard (PCI DSS), HIPAA, and Federal Risk and Authorization Management Program (FedRAMP).
I also built solutions and processes to ensure GuardDuty is continuously adhering to all its existing security compliances.
GuardDuty's Operations Platform
Led the design and implementation of GuardDuty's Operations Platform, an extensible system built in Python and used by on-call rotation engineers to scale critical administrative and operational activities across GuardDuty's 28 commercial and GovCloud production regions.
Education
2001 - 2006
Bachelor's Degree in Electrical Engineering and Computer Science
Cairo University - Cairo, Egypt
Certifications
JANUARY 2022 - JANUARY 2025
AWS Certified Security Specialist
Amazon Web Services
DECEMBER 2014 - PRESENT
Machine Learning
Coursera
APRIL 2013 - PRESENT
Compilers
Coursera
Skills
Libraries/APIs
Node.js, OpenAPI, REST APIs, React
Tools
AWS CloudFormation, AWS IAM, AWS CloudTrail, Amazon Simple Queue Service (SQS), Amazon Simple Notification Service (SNS), Amazon Elastic Container Service (ECS), AWS Fargate, Amazon Virtual Private Cloud (VPC), Amazon CloudWatch, Amazon Elastic MapReduce (EMR), Boto 3, Git, Postman, Amazon CloudFront CDN, AWS Glue, Gradle, Terraform
Languages
Python, TypeScript, Java, C++, JavaScript, Lisp, HTML, Scala, Ruby, CSS, SQL, XML, GraphQL, Go, Python 3
Frameworks
Swagger, Jinja, Apache Spark, Dagger 2, OAuth 2, JSON Web Tokens (JWT), Next.js, Spark, Flask
Paradigms
REST, Microservices, Serverless Architecture, Functional Programming, DevOps, DevSecOps, Requirements Analysis, Desktop App Development, Agile, ETL Implementation & Design, ETL, HIPAA Compliance, Compiler Design
Platforms
AWS Lambda, Amazon EC2, Amazon Web Services (AWS), Linux, Docker, Google Cloud Platform (GCP)
Storage
Amazon S3 (AWS S3), Amazon DynamoDB, Elasticsearch, Databases, JSON, NoSQL, MongoDB, PostgreSQL, MySQL
Other
Amazon GuardDuty, AWS Cloud Architecture, Amazon Route 53, AWS Certificate Manager, Amazon API Gateway, Program Management, Technical Program Management, Application Security, Web Security, Cloud Security, AWS Organizations, GRC, Compliance, Web App Security, Serverless, APIs, Amazon Kinesis, Threat Modeling, Secure Coding, API Design, Software as a Service (SaaS), Infrastructure as Code (IaC), Back-end Development, Back-end, AWS DevOps, Architecture, Technical Leadership, Identity & Access Management (IAM), Software Design, API Integration, Legacy Software, Legacy Code, Integration, CI/CD Pipelines, Cloud Platforms, Engineering, IT Security, Prototyping, Data Modeling, Security, PCI DSS, PCI Compliance, General Data Protection Regulation (GDPR), SOC Compliance, SOC 2, FedRAMP, Security Testing, Security Audits, Compilers, Full-stack, Full-stack Development, Leadership, Technical Project Management, Machine Learning
Collaboration That Works
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
1
Share your needs
Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2
Choose your talent
Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3
Start your risk-free talent trial
Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.
Top talent is in high demand.
Start hiring